Details
-
Bug
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
None
-
None
-
None
Description
rombert, AclUtil.setAcl attempts to avoid adding redundant entries (and writing an unmodified policy back to the repository).
however, it ignores the return value of JackrabbitAccessControlList.addEntry, which as far as i remember indicates if the given policy has been modified by the given call. i would recommend to take the return value into consideration instead of always setting 'changed = true'.
in addition: i am not totally convinced that it is wise to 'manually' compare the existing entries with the ones to add and it might well lead to subtle inconsistencies. also, depending on the exact implementation of the JackrabbitAccessControlList, adding an entry (even if already contained) may effectively alter the policy (e.g. by appending the entry and thus affecting the overall outcome of the evaluation). in other words: IMO it would be better to rely on the capability of the JackrabbitAccessControlList to determine if an entry was added or not (also the expandPrivileges may be achieved in an optimized fashion with the acl-implementation).